Xpdf is an X Window System based viewer for Portable Document Format (PDF)files.

Multiple integer overflow flaws were found in Xpdf's JBIG2 decoder. Anattacker could create a malicious PDF file that would cause Xpdf to crashor, potentially, execute arbitrary code when opened. (CVE-2009-0147,CVE-2009-1179)

Multiple buffer overflow flaws were found in Xpdf's JBIG2 decoder. Anattacker could create a malicious PDF file that would cause Xpdf to crashor, potentially, execute arbitrary code when opened. (CVE-2009-0146,CVE-2009-1182)

Multiple flaws were found in Xpdf's JBIG2 decoder that could lead to thefreeing of arbitrary memory. An attacker could create a malicious PDF filethat would cause Xpdf to crash or, potentially, execute arbitrary code whenopened. (CVE-2009-0166, CVE-2009-1180)

Multiple input validation flaws were found in Xpdf's JBIG2 decoder. Anattacker could create a malicious PDF file that would cause Xpdf to crashor, potentially, execute arbitrary code when opened. (CVE-2009-0800)

Multiple denial of service flaws were found in Xpdf's JBIG2 decoder. Anattacker could create a malicious PDF that would cause Xpdf to crash whenopened. (CVE-2009-0799, CVE-2009-1181, CVE-2009-1183)

Red Hat would like to thank Braden Thomas and Drew Yao of the Apple ProductSecurity team, and Will Dormann of the CERT/CC for responsibly reportingthese flaws.

Users are advised to upgrade to this updated package, which containsbackported patches to correct these issues.

4. Solution:

Before applying this update, make sure that all previously-releasederrata relevant to your system have been applied.

This update is available via Red Hat Network. Details on how to usethe Red Hat Network to apply this update are available athttp://kbase.redhat.com/faq/docs/DOC-11259